Oblivious Order-Preserving Encryption

1. A computer-implemented method, comprising: receiving by at a cloud service provider, an input value from a data client, the cloud service provider storing, in an order preserving encryption (OPE) tree, a plurality of ciphertexts corresponding to encrypted data associated with the OPE tree having a plurality of nodes that each corresponds to one of the plurality of ciphertexts, and a relative position of the plurality of nodes within the OPE tree corresponding to an order that is present in the encrypted data associated with the data owner; in response to receiving the input value from the data client, generating, by the cloud service provider, a first randomized input and a second randomized input, the first randomized input being generated based at least on a ciphertext at a first node of the OPE tree, and the second randomized input being generated based at least on the input value received from the data client; sending, to the data owner and the data client, the first randomized input and the second randomized input to at least enable the data owner and the data client to perform an oblivious comparison to determine the input value as being less than, equal to, or greater than a plaintext value of the ciphertext at the first node of the OPE tree, the oblivious comparison being performed without revealing, to the data owner, the input value received from the data client; traversing, based at least on a result of the oblivious comparison, the OPE tree; determining, based at least on the traversal of the OPE tree, an OPE encoding for the input value received from the data client, the OPE encoding for the input value indicative of a position of a node corresponding to the input value within the OPE tree; and performing, based at least on the OPE encoding of the input value received from the data client, an order-based operation on the encrypted data stored at the cloud service provider.

2. The computer-implemented method of claim 1 , further comprising: traversing from the first node of the OPE tree to a second node of the OPE tree based at least on the result of the oblivious comparison indicating that the input value is less than or greater than the plaintext value of the ciphertext at the first node of the OPE tree.

3. The computer-implemented method of claim 1 , further comprising: determining that the OPE encoding for the input value received from the data client corresponds to an OPE encoding associated with the first node of the OPE tree based at least on the result of the oblivious comparison indicating the input value being equal to the plaintext value of the ciphertext at the first node selected of the OPE tree.

4. The computer-implemented method of claim 1 , further comprising: determining whether the first node has one or more child nodes in response to the result of the oblivious comparison indicating that the input value from the data client is not equal to the plaintext value of the ciphertext at the first node of the OPE tree.

5. The computer-implemented method of claim 4 , further comprising: generating, based at least on the OPE encoding associated with the first node of the OPE tree, the OPE encoding for the input value in response to determining that that the first node does not have one or more child nodes.

6. The computer-implemented method of claim 5 , wherein the OPE encoding for the input value is further determined based on an OPE encoding of a successor node or a predecessor node of the first node.

7. The computer-implemented method of claim 2 , wherein the performing of the oblivious comparison comprises: generating, by the data owner, a garbled circuit configured to perform the oblivious comparison; and evaluating, by the data client, the garbled circuit, the evaluating of the garbled circuit being based at least on the randomized input corresponding to the input value from the data client.

8. The computer-implemented method of claim 7 , wherein the garbled circuit is configured to mask the result of the oblivious comparison using one or more masking bits associated with the data owner and/or the data client.

9. The computer-implemented method of claim 8 , wherein the performing of the oblivious comparison further comprises: partially unmasking, by the data owner, the result of the oblivious comparison using one or more masking bits associated with the data owner; and partially unmasking, by the data client, the result of the oblivious comparison using one or more masking bits associated with the data client.

10. The computer-implemented method of claim 9 , further comprising: receiving, at the cloud service provider, a partially unmasked result of the oblivious comparison from each of the data owner and the data client and a respective masking bits used by each of the data owner and the data client.

11. A system, comprising: at least one processor; and at least one memory storing instructions which, when executed by the at least one processor, result in operations comprising: receiving, at a cloud service provider, an input value from a data client, the cloud service provider storing, in an order preserving encryption (OPE) tree, a plurality of ciphertexts corresponding to encrypted data associated a data owner, the OPE tree having a plurality of nodes that each corresponds to one of the plurality of ciphertexts, and a relative position of the plurality of nodes within the OPE tree corresponding to an order that is present in the encrypted data associated with the data owner; in response to receiving the input value from the data client, generating, by the cloud service provider, a first randomized input and a second randomized input, the first randomized input being generated based at least on a ciphertext at a first node of the OPE tree, and the second randomized input being generated based at least on the input value received from the data client; sending, to the data owner and the data client, the first randomized input and the second randomized input to at least enable the data owner and the data client to perform an oblivious comparison to determine the input value as being less than, equal to, or greater than a plaintext value of the ciphertext at the first node of the OPE tree, the oblivious comparison being performed without revealing, to the data owner, the input value received from the data client; traversing, based at least on a result of the oblivious comparison, the OPE tree; determining, based at least on the traversal of the OPE tree, an OPE encoding for the input value received from the data client, the OPE encoding for the input value indicative of a position of a node corresponding to the input value within the OPE tree; and performing, based at least on the OPE encoding of the input value received from the data client, an order-based operation on the encrypted data stored at the cloud service provider.

12. The system of claim 11 , further comprising: traversing from the first node of the OPE tree to a second node of the OPE tree based at least on the result of the oblivious comparison indicating that the input value is less than or greater than the plaintext value of the ciphertext at the first node of the OPE tree.

13. The system of claim 11 , further comprising: determining that the OPE encoding for the input value received from the data client corresponds to an OPE encoding associated with the first node of the OPE tree based at least on the result of the oblivious comparison indicating the input value being equal to the plaintext value of the ciphertext at the first node selected of the OPE tree.

14. The system of claim 11 , further comprising: determining whether the first node has one or more child nodes in response to the result of the oblivious comparison indicating that the input value from the data client is not equal to the plaintext value of the ciphertext at the first node of the OPE tree.

15. The system of claim 14 , further comprising: generating, based at least on the OPE encoding associated with the first node of the OPE tree, the OPE encoding for the input value in response to determining that that the first node does not have one or more child nodes.

16. The system of claim 15 , wherein the OPE encoding for the input value is further determined based on an OPE encoding of a successor node or a predecessor node of the first node.

17. The system of claim 12 , wherein the data owner is configured to perform the oblivious comparison by at least generating a garbled circuit configured to perform the oblivious comparison, and wherein the data client is configured to perform the oblivious comparison by at least evaluating the garbled circuit, the evaluating of the garbled circuit being based at least on the randomized input corresponding to the input value from the data client.

18. The system of claim 17 , wherein the garbled circuit is configured to mask the result of the oblivious comparison using one or more masking bits associated with the data owner and/or the data client.

19. The system of claim 18 , wherein the data owner is further configured to perform the oblivious comparison by at least partially unmasking the result of the oblivious comparison using one or more masking bits associated with the data owner, wherein the data client is further configured to perform the oblivious comparison by at least partially unmasking the result of the oblivious comparison using one or more masking bits associated with the data client, and wherein the cloud service provider is configured to receive a partially unmasked result of the oblivious comparison from each of the data owner and the data client and a respective masking bits used by each of the data owner and the data client.

20. A non-transitory computer-readable storage medium including program code, which when executed by at least one data processor, cause operations comprising: receiving, at a cloud service provider, an input value from a data client, the cloud service provider storing, in an order preserving encryption (OPE) tree, a plurality of ciphertexts corresponding to encrypted data associated with a data owner, the OPE tree having a plurality of nodes that each corresponds to one of the plurality of ciphertexts, and a relative position of the plurality of nodes within the OPE tree corresponding to an order that is present in the encrypted data associated with the data owner; in response to receiving the input value from the data client, generating, by the cloud service provider, a first randomized input and a second randomized input, the first randomized input being generated based at least on a ciphertext at a first node of the OPE tree, and the second randomized input being generated based at least on the input value received from the data client; sending, to the data owner and the data client, the first randomized input and the second randomized input to at least enable the data owner and the data client to perform an oblivious comparison to determine the input value as being less than, equal to, or greater than a plaintext value of the ciphertext at the first node of the OPE tree, the oblivious comparison being performed without revealing, to the data owner, the input value received from the data client; traversing, based at least on a result of the oblivious comparison, the OPE tree; determining, based at least on the traversal of the OPE tree, an OPE encoding for the input value received from the data client, the OPE encoding for the input value indicative of a position of a node corresponding to the input value within the OPE tree; and performing, based at least on the OPE encoding of the input value received from the data client, an order-based operation on the encrypted data stored at the cloud service provider.